Security News > 2022 > April > Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers
The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments.
Microsoft Threat Intelligence Center, which dubbed the defense evasion malware "Tarrask," characterized it as a tool that creates "Hidden" scheduled tasks on the system.
"Scheduled task abuse is a very common method of persistence and defense evasion - and an enticing one, at that," the researchers said.
Hafnium, while most notable for Exchange Server attacks, has since leveraged unpatched zero-day vulnerabilities as initial vectors to drop web shells and other malware, including Tarrask, which creates new registry keys within two paths Tree and Tasks upon the creation of new scheduled tasks -.
By erasing the SD value from the aforementioned Tree registry path, it effectively leads to the task hidden from the Windows Task Scheduler or the schtasks command-line utility, unless manually examined by navigating to the paths in the Registry Editor.
"The attacks signify how the threat actor Hafnium displays a unique understanding of the Windows subsystem and uses this expertise to mask activities on targeted endpoints to maintain persistence on affected systems and hide in plain sight," the researchers said.
News URL
https://thehackernews.com/2022/04/microsoft-exposes-evasive-chinese.html
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Chinese PC-maker Acemagic customized its own machines to get infected with malware (source)
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (source)
- Microsoft rolls back decision to stop Windows 11 22H2 preview updates (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs (source)
- Microsoft is killing off the Android apps in Windows 11 feature (source)
- Microsoft says Windows 10 21H2 support is ending in June (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)